How to Make your site secure safely- Going HTTPS: SSL Checklist

Okay so you made the decision to go secure. Please make sure you or your technical person keeps the following things in mind.

1. MAKE SURE OUR SCRIPT WRAPPER IS BEING CALLED OVER HTTPS://

Our script wrapper should already be set up to serve over SSL http/2 if you’re running the latest version of our script wrapper code. That code should include what’s called a Protocol-relative URL, or a URL that begins with // instead of http:// or https://.

That means the script wrapper should automatically serve over https:// if you’re browsing your site https://. To verify you’re running the latest version of our script wrapper, make sure you’re either serving it via our Mediavine Control Panel plugin in WordPress, or you grab the latest code from your dashboard under Settings > Ad Setup.

2. SWITCH OVER ALL RESOURCES TO LOAD OVER HTTPS://

When you go SSL, more than just your page needs to be SSL. Every single image, stylesheet, JavaScript, etc has to be served over https://. You should do as many as you can by hand, verifying that those resources serve properly over SSL, and use a plugin to convert the rest over.

3. IMPORTANT FOR ADS: SET UP A CSP TO BLOCK ALL MIXED CONTENT

If you missed any resources in step #2, a Content Security Policy (CSP) to “block all mixed content” will help catch the rest. This is also especially important with advertisements. There are millions of ads out there and although they’re supposed to respect a SSL request, it is possible for one to return an ad with an insecure resource. Setting a CSP to block mixed content will make sure your page doesn’t show any insecure elements. You can read more in our Content Security Policies help article.

4. REDIRECT ALL HTTP:// URLS TO HTTPS://

In order to preserve your search engine rankings and to make sure you have the best user experience make sure every page redirects from http:// to the https:// equivalent on your site, and is set up as a proper 301 redirect. For example, each article needs to 301 redirect to the https equivalent as such:

5. SET UP A NEW WEBMASTER SEARCH CONSOLE PROPERTY

A https:// version of your site is technically a whole new site so make sure you create a new property in Google Webmaster Search Console.

6. MAKE SURE YOU UPDATE YOUR GOOGLE ANALYTICS PROFILE

You can continue to use your existing Google Analytics profile, but make sure you update it to change the base URL to https://

7. UPDATE ALL YOUR SOCIAL MEDIA PROFILES TO LINK TO YOUR HTTPS:// VERSION

Every social media profile you have that lets you list your URL should be updated to the secure version, from Facebook to Pinterest.. Bottom line: if you’re linking back to yourself from a social platform, make sure you’re doing it with the https:// version of your URL.